CVE-2024-26462

Опубликовано: 28 фев. 2024

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.

Отчет

In the file ndr.c, a struct named b is defined, and its address is passed to the function k5_buf_init_dynamic. Inside this function, b is referred to as buf, and the malloc function is used to allocate dynamic memory for buf->data. After k5_buf_init_dynamic completes and returns, if an if statement evaluates to true, the program returns. During this process, the memory allocated to b is not freed, leading to a memory leak defect.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	krb5	Not affected
Red Hat Enterprise Linux 6	krb5	Out of support scope
Red Hat Enterprise Linux 7	krb5	Out of support scope
Red Hat Enterprise Linux 8	krb5	Not affected
Red Hat Enterprise Linux 9	krb5	Fixed	RHSA-2024:9331	12.11.2024
Red Hat Enterprise Linux 9	krb5	Fixed	RHSA-2024:9331	12.11.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-401

https://bugzilla.redhat.com/show_bug.cgi?id=2266742krb5: Memory leak at /krb5/src/kdc/ndr.c

EPSS

Процентиль: 7%

0.00024

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2024-26462

CVSS3: 5.5

ubuntu

около 2 лет назад

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

CVE-2024-26462

CVSS3: 5.5

nvd

около 2 лет назад

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

CVE-2024-26462

msrc

больше 1 года назад

Описание отсутствует

CVE-2024-26462

CVSS3: 5.5

debian

около 2 лет назад

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...

GHSA-rgrc-qmj6-x9mf

CVSS3: 5.5

github

около 2 лет назад

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

EPSS

Процентиль: 7%

0.00024

Низкий

7.5 High

CVSS3